deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-20 09:17:25 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/client-management/mdm/windowssecurityauditing-csp.md
TokyoScarab 19f040fc02
Adding CSP Reference Link 
These changes will clear up confusion about the support of this CSP in Windows 10 as it wasn't added for all versions of Windows.
2019-04-08 15:51:45 -04:00

2.5 KiB
Raw Blame History

title, description, ms.assetid, ms.author, ms.topic, ms.prod, ms.technology, author, ms.date
title description ms.assetid ms.author ms.topic ms.prod ms.technology author ms.date
WindowsSecurityAuditing CSP The WindowsSecurityAuditing configuration service provider (CSP) is used to enable logging of security audit events. This CSP was added in Windows 10, version 1511. 611DF7FF-21CE-476C-AAB5-3D09C1CDF08A maricia article w10 windows MariciaAlforque 06/26/2017

WindowsSecurityAuditing CSP

The WindowsSecurityAuditing configuration service provider (CSP) is used to enable logging of security audit events. This CSP was added in Windows 10, version 1511 for Mobile and Mobile Enterprise. Make sure to consult the Configuration service provider reference to see if this CSP and others are supported on your Windows installation.

The following diagram shows the WindowsSecurityAuditing configuration service provider in tree format.

windowssecurityauditing csp diagram

WindowsSecurityAuditing
Root node.

ConfigurationSettings
Interior node for handling all the audit configuration settings. Do not use the Get operation in this node. It is only used of grouping configuration settings.

ConfigurationSettings/EnableSecurityAuditing
Specifies whether to enable or disable auditing for the device.

Value type is boolean. If true, a default set of audit events will be captured to a log file for upload; if false, auditing is disabled and events are not logged. Default value is false.

Supported operations are Get and Replace.

Examples

Enable logging of audit events.

<SyncML xmlns="SYNCML:SYNCML1.2">
  <SyncBody>
    <Replace>
      <CmdID>1</CmdID>
      <Item>
        <Target>
          <LocURI>
            ./Vendor/MSFT/WindowsSecurityAuditing/ConfigurationSettings/EnableSecurityAuditing
          </LocURI>
        </Target>
        <Meta>
          <Format xmlns="syncml:metinf">bool</Format>
          <Type>text/plain</Type>
        </Meta>
        <Data>true</Data>
      </Item>
    </Replace>
    <Final/> 
  </SyncBody>
</SyncML>

For more information about Windows security auditing, see What's new in security auditing.